An aggressive new data protection law went into effect on March 1, 2010. Massachusetts 201 CMR 17 requires companies to employ specific controls to protect the personal information of Massachusetts' residents.